Results 1 to 2 of 2

Thread: Wireshark display filters

  1. #1
    Senior Member

    Join Date
    Jan 2008
    Location
    A rock in the ocean
    Posts
    752
    Thanks
    99
    Thanked 135 Times in 79 Posts
    Rep Power
    290
    Reputation
    3356

    Default Wireshark display filters

    Google hasn't helped much here.
    Looking to compare a bunch of Ethernet packets payloads, so I've captured the data required with Wireshark and plan to export the captures to a text file for comparison. I can't get a display filter to properly filter out 100% of just the payloads. Filtering by tcp.segment_data gets fairly close, but there's other data in the exchange that Wireshark 'helpfully' interprets for the user (eg: UDP, Skype etc) and tcp.segment_data doesn't show those, and thus when exporting it misses those packets.
    If I filter just using 'data' - this doesn't show the payload, rather, it just flags the presence or not of a payload.
    Any ideas?



Look Here ->
  • #2
    Senior Member

    Join Date
    Jan 2008
    Location
    A rock in the ocean
    Posts
    752
    Thanks
    99
    Thanked 135 Times in 79 Posts
    Rep Power
    290
    Reputation
    3356

    Default

    Ah! "data.data" is the filter I needed.

  • Bookmarks

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •